Ran across this twice today alone. Both from different people; I fell for the first one. Took me over 7 hours to eradicate the malware it installed on my PC, almost had to reformat. It installed “Antivirus XP 2008” malware. Luckily I had Malwarebytes, Spybot S&D, and SuperAntiSpyware already installed; they killed most of the infection within minutes, but rooting out the tendrils it left behind was a bit of a problem. Apparently it also attempts to hijack your internet connection, and I detected another user on my PC. Possibly a botnet user attempting to use my PC for spam purposes.

Hey…
I ran across this twice in one morning… I’m from the Netherlands, and I don’t even watch CNN! Luckily I didn’t fall for it, and I’ve developed a habit that every time I see something like this in my mailbox, I look it up on the internet before I open it… That’s how this website saved me a whole lot of trouble, thanks very much!

Since we do a similar header modification around here to flag spam, but were handling this malware differently, it caused some serious confusion and head scratching, which was just what the bastards intended.

These guys are Machiavellian. It’s as clever as balancing a bucket of water above a door jamb in a way the intended victim can see it, but then when he carefully removes it and proudly takes it to the sink to pour it out, he discovers the real gotcha was that the under-sink trap has been removed so the water pours all over his feet and the floor.

I received this e-mail yesterday evening and thought it was iffy – BUT – it said Bank of America just announced bankruptcy and as I bank there I stupidly clicked on the link for the story.

It came back with “you must upload the newest version of ?? player to see video”

I KNEW there was a problem at that point but it would not allow me to exit – kept coming back with the same window.

Bottom line, in trying to get out of the loop I hit the “allow” button by mistake.

I immediately did a Ctrl/Alt/Delete and closed the browser.

I was/am running McAfee – it never said it stopped anything.

I ran a complete McAfee scan, found nothing.
I then ran Ad-Aware – only found normal cookies.
Then ran SuperAntiSpyware – only found normal cookies.
Just finishing running Trend Micro – seems to have found nothing.

Did I get a virus/trojan/etc. in the short time before I closed the browser and none of the virus programs I have run found it??

Are you running on Windows XP, and are you using an administrative account? If so, it’s better to do some additional checks. Do you know which version of the McAfee DAT files you used to scan? According to VirusTotal the 5357 DAT files didn’t detect the Fake CNN Alert malware.

The best thing you can do is scan your machine off-line: boot from a live CD and do a malware scan of your disks. F-Secure just released a new ISO file to do this. And to be really safe, don’t download and burn this ISO on your suspect machine, but use another one.

Didier writes: your users got a mail in their inbox (not in their SPAM folder)

Yes, because it came in that way, which is the last thing you’d expect SPAM to say first thing out of the box. To be more precise than my earlier post, we used to do a subject: header rewrite adding [SPAM] to suspected spam, but we stopped that a few days ago. So when the CNN Alerts: style spam (that we’d previously eliminated with its own unique filter rule) started showing up with what appeared to be a header rewrite that was no longer enabled, it drove me crazy for a few minutes because I first blamed our mail server (which is Ability Mail Server*), but then realized that our spam header rewrite was typographically different than what we were seeing on the pre-labeled CNN spam.

*Full Disclosure: I have no interest in Code-Crafters Ability Mail Server other than as a satisfied long-term user.